The federal government has slightly improved its overall computer security grade from C-minus to C, according to the FY 2007 Computer Security Report Card (pdf) released by the House Committee on Oversight and Government Reform. However, more than a third of the 24 agencies evaluated received a D or F: Departments of Agriculture, Defense, Interior, Labor, Transportation, Treasury, Veterans Affairs and the Nuclear Regulatory Commission.
The grades are based on data from agencies' annual reports, which are required by the 2002 Federal Information Security Management Act. Last year, 10 of the agencies received (pdf) a D or F, and an eleventh, the Department of Veterans Affairs, did not submit a report and could not be evaluated. Previously, I reported that the federal government has left 1.2 million laptops unencrypted even though there have been numerous data security breaches and the basic level of security provided by encryption would have helped protect the individuals whose data were jeopardized.